package com.study.spring.security.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class WebSecurityConfig2 extends WebSecurityConfigurerAdapter {
    @Bean
    public PasswordEncoder passwordEncoder() {
        //return NoOpPasswordEncoder.getInstance();
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 关闭csrf
        http.csrf().disable();

        http.authorizeRequests().antMatchers("/login2.html", "/loginPage2").permitAll()
                .anyRequest().authenticated()
                .and()
                //表单提交
                .formLogin()
                //自定义登录页面
                .loginPage("/login2.html")
                //登录访问路径，必须和表单提交接口一样
                .loginProcessingUrl("/login2Page")
                .successForwardUrl("/home2")
                .failureForwardUrl("/toerror")
                .permitAll()
                .and()
                .logout().logoutUrl("/logout2")
                .logoutSuccessUrl("/user/logout2").permitAll();
    }
}
